Intel ‘unable to fix’ critical hardware-encoded CPU flaw

Critical flaw affecting recently-released chips is said to be "exactly what security specialists feared the most"

Some of the most widely-used Intel chips released over the last five years are embedded with a critical vulnerability at the hardware level, as well as within the firmware.

A flaw has been discovered in the Converged Security and Management Engine (CSME) boot ROM on most Intel chipsets and system on a chip (SoC) units available today, apart from 10th-gen CPUs with Ice Point components.

Exploitation could allow an attacker to extract the chipset encryption key and compromise the root of trust in a system, according to research published by Positive Technologies. The vulnerability also allows an attacker to achieve arbitrary code execution with zero-level privileges inside the Intel CSME.

The vulnerability is so serious that Intel has advised affected customers to replace hardware in order to fix it.

The range of devices afflicted is very broad, according to Intel. These include CSME-ready chips with SPS firmware for servers, TXE firmware for tablets or low-power devices, DAL software for machines ranging from workstations to IoT devices, and the AMT module used for remote IT management.

Assigned CVE-2019-0090, it was first flagged as a high-severity flaw in May 2019, when Intel released a patch for what was at the time thought to be a mere firmware bug. It has now emerged that this patch only addressed one potential attack vector, involving the Integrated Sensors Hub (ISH), and that the root vulnerability goes much deeper.

“The scenario that Intel system architects, engineers, and security specialists perhaps feared most is now a reality,” said Positive Technologies' lead specialist of OS and hardware security Mark Ermolov.

“This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company's platforms. The problem is not only that it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets - the larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.”

The severity of the flaw lies not just in what it allows an attacker to do, should they compromise a device, but in how difficult it is to remedy. Intel understands, according to Ermolov, that it cannot fix the vulnerability in the ROM of existing hardware, meaning concerned users will have to have the affected hardware physically replaced.

It is similar to the infamous Spectre and Meltdown vulnerabilities disclosed in 2018, in that the flaw lives in the silicon itself: software and firmware updates can only reduce exposure, and fully removing it requires new hardware.

Intel CSME, previously known as the Intel Management Engine (Intel ME), is the subsystem that provides the platform's root of trust and underpins cryptography in the chipset and firmware. It is responsible for verifying and authenticating all firmware loaded onto Intel-based machines, and is one of the first components to start running when a device is booted.

Because the chipset encryption key is the root from which the CSME derives all of its other encryption keys, the hardware-encoded vulnerability, by exposing that key, also exposes every key derived from it, which would effectively give an attacker access to everything on a device that relies on them.

"Intel was notified of a vulnerability potentially affecting the Intel Converged Security Management Engine in which an unauthorized user with specialized hardware and physical access may be able to execute arbitrary code within the Intel CSME subsystem on certain Intel products," a spokesperson told IT Pro.

"Intel released mitigations and recommends keeping systems up-to-date. Additional guidance specific to CVE-2019-0090 can be found here."

The firm also recommends that users of chips with Intel CSME, which amounts to most chips released over the last five years, contact their device or motherboard manufacturer for firmware or BIOS updates to address the vulnerability.

Since it is impossible to fix the flaw by modifying the chipset ROM, Positive Technologies also recommends disabling Intel CSME-based encryption, or migrating devices to 10th-gen CPUs.

The researchers are planning to release a full-length white paper exploring the flaw in the near future.
